A company has decided to use the SDLC for the creation and production of a new information
system. The security administrator is training all users on how to protect company information
while using the new system, along with being able to recognize social engineering attacks. Senior
Management must also formally approve of the system prior to it going live. In which of the
following phases would these security controls take place?
A.
Operations and Maintenance
B.
Implementation
C.
Acquisition and Development
D.
Initiation